Information Security Services The Portfolio Action Tracker (PAT) is a transparency tool that can be used to monitor and review the real-time status of NASPO ValuePoint portfolios. Click here to view Status

× Currently tracker not available for this portfolio.

Please note: End to End Computing has elected to not renew their contract. Their contract will expire 2/23/24 and will no longer be available under this portfolio after that date.

These Master Agreements are to provide a suite of information security services including Risk Assessment and Mitigation, Event and Incident Management, and Breach Coach, and Notification Services.

A Purchasing Entity may customize services ordered from any of the awarded Categories by working with the Contractor to develop a Statement of Work for each order. The Participating Entity may elect to use a limited selection of services rather than all services available under any of the awarded Categories.

Category 1 Risk Assessment and Mitigation - - The Contractor will perform vulnerability assessments, privacy impact and policy assessments, and evaluation and analysis of internal controls critical to the detection and elimination of vulnerabilities to the protection of Data, as defined by a Purchasing Entity

Category 2 Event and Incident Management - - The Contractor will work with the Purchasing Entity to determine the actual scope of an Event and determine if the Event is an Incident. This may include, but is not limited to, gathering information from various sources such as log files, error messages, and other resources such as intrusion detection systems and firewalls that may produce evidence to determine if an Event is an Incident.

Category 3 Breach Coach Services - - The Contractor will provide guidance, advice and consultation to coordinate and support the Purchasing Entity’s Breach response, including the investigation and mitigation of a Breach impacting individuals or organizations that may be located within the state, region, or dispersed nationwide.

Category 4 Credit Monitoring Services - a la carte services as needed by the Purchasing Entity in the event of a data breach. Based on needs the purchasing entity may choose from any of the following services, or any combination thereof: Notification [of affected individuals], General Call Center, One Year Single-Bureau Credit Monitoring/Identity Theft Protection, One Year Triple-Bureau Credit Monitoring/Identity Theft Protection.

22nd Century Technologies, Inc (Risk Assessment) 22nd Century Technologies, Inc (Risk Assessment) View Details

22nd Century Technologies, Inc. (Data Breach) 22nd Century Technologies, Inc. (Data Breach) View Details

End to End Computing, LLC End to End Computing, LLC View Details

MGT of America Consulting, LLC MGT of America Consulting, LLC View Details

Participating Addenda (14)

Lead State

  • Idaho
    Mike Gwinn
    [email protected]
    (208) 332-1617
  • Awarded:
  • Expiration:
  • Renewals Limit:

NASPO Resources

Cooperative Portfolio Managers
  • Primary Contact
  • Secondary Contact



Research Tools: